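<?php
/**
 * AJAX endpoint for article comments.
 *
 * Dispatches on $_GET['action']:
 *   add   - insert a comment          (POST: aid, nickname, anonymous, comment_content)
 *   li    - render one page of comments for an article as HTML (GET: aid, page, pagesize)
 *   query - compare a captcha code with the front-end session value, then clear it
 *   up    - increment a comment's "up" counter   (GET: id)
 *   down  - increment a comment's "down" counter (GET: id)
 *   reply - store an admin reply on a comment    (GET: id, POST: reply)
 *
 * Every action answers with plain text ('ok' / 'error') except 'li', which echoes
 * HTML converted from GBK to UTF-8. $_TABLES, $G_cfg, $G_admin_session_key,
 * $G_front_session_key, $timestamp, get_db_conn(), realip() and get_page_nav()
 * are expected to come from includes/global.php (not visible here).
 *
 * NOTE(review): the captcha checked by 'query' is only enforced client-side; 'add'
 * itself never verifies it. 'up'/'down' mutate state on a GET and no action carries
 * a CSRF token or any per-client vote limit. Both are design points for the caller
 * of this script, not changed here.
 */
require(dirname(__FILE__) . '/../../includes/global.php');
@session_start();
@header("Cache-control: private");
$tbl_comment = $_TABLES['article_comment'];
// Config switch: whether article comments are displayed by default. The 'li' query
// does not filter on it (see the note in that branch).
$display = $G_cfg['article_cfg']['article_comment_display'];

// Missing 'action' must not raise a notice; an empty string matches no branch.
$action = isset($_GET['action']) ? (string)$_GET['action'] : '';

if ($action == 'add') {
    $conn = & get_db_conn();
    // isset() guards keep trim()/casts off null when a field is absent from the POST.
    $data = array(
        'aid'       => isset($_POST['aid']) ? (int)$_POST['aid'] : 0,
        'nickname'  => isset($_POST['nickname']) ? trim($_POST['nickname']) : '',
        'anonymous' => isset($_POST['anonymous']) ? (int)$_POST['anonymous'] : 0,
        'content'   => isset($_POST['comment_content']) ? trim($_POST['comment_content']) : '',
        'posttime'  => $timestamp,   // assumed to be set by global.php
        'up'        => 0,
        'down'      => 0,
        'ip'        => realip(),
        'reply'     => '',
        'display'   => 0,            // stored as not-displayed; 'li' currently ignores this column
        );
    // Refuse rows that cannot belong to an article or carry no text at all.
    if ($data['aid'] <= 0 || $data['content'] === '') {
        echo 'error';
    } elseif ($conn->AutoExecute($tbl_comment, $data, 'INSERT')) {
        echo 'ok';
    } else {
        echo 'error';   // other actions already report failures this way
    }
} elseif ($action == 'li') {
    $aid      = isset($_GET['aid']) ? (int)$_GET['aid'] : 0;
    $page     = isset($_GET['page']) ? (int)$_GET['page'] : 1;
    $pagesize = isset($_GET['pagesize']) ? (int)$_GET['pagesize'] : 0;
    // pagesize is the divisor below: 0 or negative would divide by zero, and an
    // unbounded value lets one request page the whole table. Both limits are
    // constructed defaults; align them with the site's configured page size.
    if ($pagesize <= 0) {
        $pagesize = 10;
    } elseif ($pagesize > 100) {
        $pagesize = 100;
    }

    $conn  = & get_db_conn();
    $where = 'WHERE aid = ?';
    $bind  = array($aid);
    // The original kept a disabled filter on display; if moderation should hide
    // rows, extend it as: $where .= ' AND display = ?'; $bind[] = $display;

    $rs = $conn->GetRow("SELECT COUNT(*) AS rs_count FROM $tbl_comment $where", $bind);
    $record_total = $rs ? (int)$rs['rs_count'] : 0;
    $page_total   = (int)ceil($record_total / $pagesize);
    if ($page <= 0) {
        $page = 1;
    }
    if ($page_total > 0 && $page > $page_total) {
        $page = $page_total;
    }
    $orderby = 'ORDER BY posttime DESC';

    $page_info = "$record_total 条记录 共 $page_total 页 ";
    $page_list = get_page_nav($page_total, 'javascript:comment_list');

    $html = '';
    $rs = $conn->PageExecute("SELECT * FROM $tbl_comment $where $orderby", $pagesize, $page, $bind);
    // PageExecute may return false on a failed query; do not dereference it then.
    while ($rs && !$rs->EOF) {
        $id       = (int)$rs->fields['id'];
        $nickname = htmlspecialchars((string)$rs->fields['nickname']);
        $posttime = date('Y-m-d H:i:s', (int)$rs->fields['posttime']);
        // realip() is defined elsewhere; if it reflects forwarded headers the stored
        // value is client-influenced, so escape it like the nickname.
        $ip       = htmlspecialchars((string)$rs->fields['ip']);
        // strip_tags() drops markup but leaves '&', quotes and stray '<' untouched;
        // content and reply are emitted only as element text, never in attributes,
        // which is why the file's original treatment is kept here.
        $content  = strip_tags((string)$rs->fields['content']);
        $reply    = strip_tags((string)$rs->fields['reply']);
        $up       = (int)$rs->fields['up'];
        $down     = (int)$rs->fields['down'];

        // Newlines become paragraph breaks, spaces are preserved as &nbsp;.
        $content = str_replace(array("\n", ' '), array("</P><P>", '&nbsp;'), $content);
        $content = "<P>$content</P>";
        if ($reply != '') {
            $reply = str_replace(array("\n", ' '), array("</P><P>", '&nbsp;'), $reply);
            $reply = "<div class=\"reply\" id=\"comment_reply_$id\"><P>$reply</P></div>";
        } else {
            // Empty placeholder so a later admin reply can be injected client-side.
            $reply = "<div class=\"reply\" id=\"comment_reply_$id\" style=\"display:none\"></div>";
        }

        // The reply link is shown only to a logged-in admin.
        $reply_menu = '';
        if (isset($_SESSION[$G_admin_session_key]['uid']) && (int)$_SESSION[$G_admin_session_key]['uid'] > 0) {
            $reply_menu = "<a href=\"javascript:comment_reply('{$id}')\">回复</a>";
        }

        $html .= <<<EOT
<div class="comment_items">
<div class="header">
		<div class="nickname fL">网友：{$nickname} </div>
		<div class="fL ip">&nbsp;&nbsp;IP:$ip</div>
		<div class="fR time">$posttime</div>
		<div class="clear"></div>
	</div>
	<div class="content">{$content}{$reply}
		<div class="menu">
            $reply_menu
            <a href="javascript:comment_up('{$id}')">支持</a>[<span id="comment_up_{$id}">{$up}</span>] <a href="javascript:comment_down('{$id}')">反对</a>[<span id="comment_down_{$id}">{$down}</span>]</div>
	</div>
</div>
EOT;

        $rs->MoveNext();
    }
    $html .= <<<EOT
	<div class="page">
		<div class="page_list">$page_list</div>
		<div class="page_info">$page_info</div>
	</div>
EOT;
    // Templates and database content are GBK; the browser gets UTF-8.
    echo iconv("GBK", "UTF-8", $html);
} elseif ($action == 'query') {
    $code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
    @session_start();
    $stored = isset($_SESSION[$G_front_session_key]['validate_code'])
        ? $_SESSION[$G_front_session_key]['validate_code']
        : false;
    // The stored code is reset to false after every check. Without the non-empty
    // guard an empty submission would equal strtolower(false) === '' and pass.
    if ($code !== '' && $stored !== false && strtolower($code) === strtolower((string)$stored)) {
        echo "ok";
    } else {
        echo "error";
    }
    // One-shot: each code can be tested exactly once.
    $_SESSION[$G_front_session_key]['validate_code'] = false;
} elseif ($action == 'up' || $action == 'down') {
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    if ($id > 0) {
        // $action is one of two fixed literals here, so it is safe to use as a column name.
        $column = ($action == 'up') ? 'up' : 'down';
        $conn   = & get_db_conn();
        if ($conn->Execute("UPDATE $tbl_comment SET $column=$column+1 WHERE id = ?", array($id))) {
            echo 'ok';
        } else {
            echo 'error';
        }
    }
} elseif ($action == 'reply') {
    // Replying is an admin operation: gate on the same admin session check that
    // decides whether 'li' renders the reply link. The original only noted the
    // requirement in a comment and never enforced it.
    $is_admin = isset($_SESSION[$G_admin_session_key]['uid'])
        && (int)$_SESSION[$G_admin_session_key]['uid'] > 0;
    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    if (!$is_admin || $id <= 0) {
        echo 'error';
    } else {
        $reply = iconv('UTF-8', 'GBK', isset($_POST['reply']) ? trim($_POST['reply']) : '');
        if ($reply === false) {
            // iconv() failed on the input; nothing sensible to store.
            echo 'error';
        } else {
            $conn = & get_db_conn();
            // Bound parameters: the original interpolated $reply straight into the SQL text.
            if ($conn->Execute("UPDATE $tbl_comment SET reply=? WHERE id = ?", array($reply, $id))) {
                echo 'ok';
            } else {
                echo 'error';
            }
        }
    }
}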